SSH (Secure Shell) is an encrypted protocol used to administer and communicate with servers. When working with a Linux server you will often spend much of your time in a terminal session connected to it over SSH. A freshly provisioned VPS typically lets you log in as root with a password generated by the provider. If that password leaks, or is guessed by a brute-force attack against the exposed SSH port, you lose control of the server. Authenticating with SSH keys instead of a password takes online password guessing off the table, which is why this guide sets up key-based login and then disables password login entirely.
What is public key authentication?
The OpenSSH server supports several authentication methods. The two most common are password-based authentication and public key-based authentication. Public key authentication replaces the password with a key pair: the private key stays on your computer, the public key is installed on the server, and a login succeeds only if the client can prove it holds the private key. It is the recommended method on a VPS, cloud, dedicated or even home server.
Installing the sshd server on Ubuntu Linux
sudo apt install openssh-server
Verify that the ssh service is running
sudo systemctl status ssh
How to create SSH keys
The first step to configure SSH key authentication to your server is to generate an SSH key pair on your local computer.
We can use a special utility called ssh-keygen, which is included with the standard OpenSSH suite of tools:
ssh-keygen
With no options, OpenSSH 8.x (Ubuntu 22.04) generates a 3072-bit RSA key pair, which is secure enough for most use cases; you may optionally pass the -b 4096 flag to create a larger 4096-bit RSA key. OpenSSH 9.5 and later (Ubuntu 24.04) default to Ed25519 instead, and on any version you can ask for it explicitly with the -t ed25519 option; Ed25519 keys are small and fast and leave no key-size decision to make. ssh-keygen asks where to store the key (the default is ~/.ssh/id_rsa or ~/.ssh/id_ed25519, with the public key in the matching .pub file) and for an optional passphrase. Set one: it protects the private key file if your computer is compromised, and ssh-agent will cache it for the session so you only type it once.
Copying the Public Key
To log in with SSH keys, the server needs the contents of your public key in ~/.ssh/authorized_keys of the account you connect as. Print the public key on your local machine (use ~/.ssh/id_ed25519.pub if you generated an Ed25519 key):
cat ~/.ssh/id_rsa.pub
Then log in to the remote server with your password one more time and make sure the ~/.ssh directory exists. sshd is strict about permissions (the StrictModes default): ~/.ssh must be writable only by you (mode 700) and authorized_keys must be mode 600, otherwise the key is silently ignored and you will keep being prompted for a password.
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys
Copy the entire content of the public key (a single line of the form ssh-rsa AAAA… or ssh-ed25519 AAAA…) and paste it at the end of the file, one key per line. Press Ctrl+O to save the file and Ctrl+X to exit the editor, then check the permissions above before logging out. The ssh-copy-id utility that ships with OpenSSH performs all of these steps, permissions included, in one command run from your local machine.
Disabling Password Authentication
Before going further, open a second terminal and log in to the server as you normally would. If you get a shell without being asked for the account password (you may be asked for the key's passphrase), key-based authentication is working. Keep the first session open while you make the following change, so a mistake cannot lock you out. Until you disable it, password-based authentication is still active, meaning the server is still exposed to brute-force attacks.
sudo nano /etc/ssh/sshd_config
Inside the file, search for the directive PasswordAuthentication. The line may be commented out with a # at the beginning; uncomment it by removing the # and set the value to no. This disables logging in over SSH with account passwords:
PasswordAuthentication no
One Ubuntu-specific catch: the stock sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each keyword, so a drop-in there wins over your edit below it. Cloud images commonly ship /etc/ssh/sshd_config.d/50-cloud-init.conf containing PasswordAuthentication yes. Check that directory and remove or change any such line, or put your own setting in a drop-in whose name sorts earlier. While you are there, set KbdInteractiveAuthentication to no as well (ChallengeResponseAuthentication on older releases), since PAM keyboard-interactive logins also accept the account password.
Save and close the file when you are finished by pressing CTRL+X, then Y to confirm saving the file, and finally ENTER to exit nano.
sudo systemctl restart ssh
The SSH daemon on your Ubuntu server now accepts only key-based authentication; password logins are disabled. From the second terminal, confirm that a key login still works and that a deliberate attempt with the wrong key is refused without a password prompt, and only then close the original session.
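The same change made with a drop-in file instead of editing sshd_config in place, plus the override check from the previous section (an added example, not from the original article). It assumes Ubuntu's stock sshd_config, which begins with Include /etc/ssh/sshd_config.d/*.conf, and takes the directory as a parameter so the first three functions can be tried on a scratch copy; apply_to_system is the only part that touches the live server and must run as root. The file name 10-keys-only.conf is a choice made here, not an Ubuntu convention.

```shell
#!/bin/sh
# Added example (not from the original article): turn off password logins with a
# drop-in under sshd_config.d and report any other drop-in that would override
# it. sshd keeps the first value it reads for a keyword, and the Include glob
# expands in sorted order, so a low-numbered file name takes precedence.
set -eu

DROPIN_NAME="10-keys-only.conf"   # assumed name; it just has to sort before 50-*

# write_no_password_dropin CONF_DIR: create the drop-in that disables passwords.
write_no_password_dropin() {
    conf_dir=$1
    mkdir -p "$conf_dir"
    cat > "$conf_dir/$DROPIN_NAME" <<'EOF'
# Keys only: no password and no PAM keyboard-interactive logins.
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
    chmod 644 "$conf_dir/$DROPIN_NAME"
}

# find_password_overrides CONF_DIR: print every other drop-in that still sets
# PasswordAuthentication yes (e.g. 50-cloud-init.conf on cloud images).
find_password_overrides() {
    conf_dir=$1
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        [ "$(basename "$f")" = "$DROPIN_NAME" ] && continue
        if grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+yes' "$f"; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# effective_password_auth CONF_DIR: emulate sshd's first-match rule over the
# drop-ins in glob (sorted) order and print the value that would win, or
# "default" if no drop-in sets the keyword at all.
effective_password_auth() {
    conf_dir=$1
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        v=$(grep -Ei '^[[:space:]]*PasswordAuthentication[[:space:]]+' "$f" \
            | head -n1 | awk '{print tolower($2)}')
        if [ -n "$v" ]; then
            printf '%s\n' "$v"
            return 0
        fi
    done
    echo "default"
}

# apply_to_system: the live version. Run as root with an existing SSH session
# kept open, and verify a key login from a second terminal before closing it.
apply_to_system() {
    live_dir=/etc/ssh/sshd_config.d
    write_no_password_dropin "$live_dir"
    overrides=$(find_password_overrides "$live_dir")
    if [ -n "$overrides" ]; then
        echo "warning: these files also set PasswordAuthentication yes:" >&2
        echo "$overrides" >&2
    fi
    sshd -t              # syntax check first; a bad config plus a restart = lockout
    systemctl restart ssh
    sshd -T | grep -i '^passwordauthentication'   # show the value sshd actually uses
}
```

`sshd -T` prints the effective configuration after all includes are resolved, so it is the authoritative check that the setting took; `effective_password_auth` only mirrors that logic for the drop-in directory so it can be exercised without root.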